CVE-2019-12654
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD
Description
A vulnerability in the common Session Initiation Protocol (SIP) library of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient sanity checks on an internal data structure. An attacker could exploit this vulnerability by sending a sequence of malicious SIP messages to an affected device. An exploit could allow the attacker to cause a NULL pointer dereference, resulting in a crash of the iosd process. This triggers a reload of the device.
Affected (3)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 15.6(1)s4.2 |
| Running on/with | Platform Versions |
|---|---|
| Cisco 1000 Integrated Services Router | All versions |
| Cisco 1100 Integrated Services Router | All versions |
| Cisco 4000 Integrated Services Router | All versions |
| Cisco 4221 Integrated Services Router | All versions |
| Cisco 4321 Integrated Services Router | All versions |
| Cisco 4331 Integrated Services Router | All versions |
| Cisco 4351 Integrated Services Router | All versions |
| Cisco 4431 Integrated Services Router | All versions |
| Cisco 4451 X Integrated Services Router | All versions |
| Cisco Asr 1000 | All versions |
| Cisco Asr 1001 Hx | All versions |
| Cisco Asr 1001 X | All versions |
| Cisco Asr 1002 Hx | All versions |
| Cisco Asr 1002 X | All versions |
| Cisco Cloud Services Router 1000v | All versions |
| Cisco Integrated Services Virtual Router | All versions |
References (2)
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory